Recipe 2.15 Preventing pings
2.15.1 Problem
You don't want remote sites to receive responses if they ping you.
2.15.2 Solution
For iptables:
# iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
For ipchains:
# ipchains -A input -p icmp --icmp-type echo-request -j DENY
2.15.3 Discussion
In this case, we use DROP and DENY instead of REJECT. If you're trying to hide from pings, then replying with a rejection kind of defeats the purpose, eh?
Don't make the mistake of dropping all ICMP messages, e.g.:
WRONG!! DON'T DO THIS!
# iptables -A INPUT -p icmp -j DROP
because pings are only one type of ICMP message, and you might not want to block all types. That being said, you might want to block some others, like redirects and source quench. List the available ICMP messages with:
$ iptables -p icmp -h
$ ipchains -h icmp
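To check an existing ruleset for the mistake described above, the following added example (not part of the original recipe) reads rules in iptables-save format and flags INPUT-chain ICMP DROP rules that have no --icmp-type match. The function names audit_icmp_drops and sample_rules and the sample ruleset are constructed for illustration; it assumes rules appear as iptables-save prints them (numeric types, 8 for echo-request and 5 for redirect) and does not handle negated matches.

```shell
#!/bin/sh
# Added example: classify ICMP DROP rules on the INPUT chain.
# Input: iptables-save style text on stdin. Output, one line per matching rule:
#   OK     limited to echo-request (what the recipe recommends)
#   OTHER  limited to some other specific ICMP type (e.g. redirect)
#   BROAD  no --icmp-type given, so every ICMP message is dropped
audit_icmp_drops() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        proto = ""; itype = ""; target = ""
        # Walk the option/value pairs of the rule.
        for (i = 3; i < NF; i++) {
            if ($i == "-p")          proto  = $(i + 1)
            if ($i == "--icmp-type") itype  = $(i + 1)
            if ($i == "-j")          target = $(i + 1)
        }
        if (proto != "icmp" || target != "DROP") next
        if (itype == "")
            verdict = "BROAD"
        else if (itype == "echo-request" || itype == "8" || itype == "8/0")
            verdict = "OK"
        else
            verdict = "OTHER"
        print verdict ": " $0
    }'
}

# Constructed sample ruleset (not taken from a real host).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -p icmp -m icmp --icmp-type 5 -j DROP
-A INPUT -p icmp -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

sample_rules | audit_icmp_drops
```

On a live system, feed it the output of iptables-save instead of the sample ruleset.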
2.15.4 See Also
iptables(8), ipchains(8). The history of ping, by its author, is at